Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?xml version="1.0"?>
- <component name="org.nuxeo.ecm.directory.ldap.storage.users">
- <require>org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory</require>
- <!-- the groups SQL directories are required to make this bundle work -->
- <require>org.nuxeo.ecm.directory.sql.storage</require>
- <extension target="org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory"
- point="servers">
- <!-- Configuration of a server connection
- A single server declaration can point to a cluster of replicated
- servers (using OpenLDAP's slapd + sluprd for instance). To leverage
- such a cluster and improve availability, please provide one
- <ldapUrl/> tag for each replica of the cluster.
- -->
- <server name="default">
- <ldapUrl>ldap://win2k1201:389</ldapUrl>
- <!-- Optional servers from the same cluster for failover
- and load balancing:
- <ldapUrl>ldap://server2:389</ldapUrl>
- <ldapUrl>ldaps://server3:389</ldapUrl>
- "ldaps" means TLS/SSL connection.
- -->
- <!-- Credentials used by Nuxeo5 to browse the directory, create
- and modify entries.
- Only the authentication of users (bind) use the credentials entered
- through the login form if any.
- -->
- <bindDn>CN=Nuxeo LDAP Service User,CN=Managed Service Accounts,DC=pinnsg,DC=com<bindDn>
- <bindPassword>secret</bindPassword>
- </server>
- </extension>
- <extension target="org.nuxeo.ecm.directory.ldap.LDAPDirectoryFactory"
- point="directories">
- <directory name="userDirectory">
- <server>default</server>
- <schema>user</schema>
- <idField>username</idField>
- <passwordField>password</passwordField>
- <searchBaseDn>OU=Pinnacle Solutions Group,DC=pinnsg,DC=com</searchBaseDn>
- <searchClass>person</searchClass>
- <!-- To additionally restricte entries you can add an
- arbitrary search filter such as the following:
- <searchFilter>(&(sn=toto*)(myCustomAttribute=somevalue))</searchFilter>
- Beware that "&" writes "&" in XML.
- -->
- <!-- use subtree if the people branch is nested -->
- <searchScope>onelevel</searchScope>
- <!-- using 'subany', search will match *toto*. use 'subfinal' to
- match *toto and 'subinitial' to match toto*. subinitial is the
- default behaviour-->
- <substringMatchType>subany</substringMatchType>
- <readOnly>false</readOnly>
- <!-- comment <cache* /> tags to disable the cache -->
- <!-- cache timeout in seconds -->
- <cacheTimeout>3600</cacheTimeout>
- <!-- maximum number of cached entries before global invalidation -->
- <cacheMaxSize>1000</cacheMaxSize>
- <!--
- If the id field is not returned by the search, we set it with the searched entry, probably the login.
- Before setting it, you can change its case. Accepted values are 'lower' and 'upper',
- anything else will not change the case.
- -->
- <missingIdFieldCase>lower</missingIdFieldCase>
- <!-- Maximum number of entries returned by the search -->
- <querySizeLimit>200</querySizeLimit>
- <!-- Time to wait for a search to finish. 0 to wait indefinitely -->
- <queryTimeLimit>0</queryTimeLimit>
- <creationBaseDn>OU=Pinnacle Solutions Group,DC=pinnsg,DC=com</creationBaseDn>
- <creationClass>top</creationClass>
- <creationClass>person</creationClass>
- <creationClass>organizationalPerson</creationClass>
- <creationClass>user</creationClass>
- <rdnAttribute>uid</rdnAttribute>
- <fieldMapping name="username">sAMAccountName</fieldMapping>
- <fieldMapping name="password">userPassword</fieldMapping>
- <fieldMapping name="firstName">givenName</fieldMapping>
- <fieldMapping name="lastName">sn</fieldMapping>
- <fieldMapping name="company">o</fieldMapping>
- <fieldMapping name="email">mail</fieldMapping>
- <references>
- <inverseReference field="groups" directory="groupDirectory"
- dualReferenceField="members" />
- </references>
- </directory>
- </extension>
- <extension target="org.nuxeo.ecm.platform.usermanager.UserService" point="userManager">
- <userManager>
- <defaultAdministratorId>Administrator</defaultAdministratorId>
- <defaultGroup>members</defaultGroup>
- </userManager>
- </extension>
- </component>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement